
2.10 Web Browsers

2.10.10 Executing a Script

As described above, a browser, upon receiving a trigger message, can nondeterministically execute a script in any active document. The script is provided with a term of the form

⟨tree, docnonce, scriptstate, scriptinputs, cookies, localStorage, sessionStorage, ids, secrets⟩.

The components of the term contain (in the order shown)

– document and window references of all active documents and subwindows,¹³ and, only for same-origin documents, information about the documents’ origins, scripts, script states and script inputs,

– the nonce of the document into which this script was loaded,

– the last state of the script,

– the input history (i.e., previous inputs from postMessages, XMLHttpRequests, WebSocket and WebRTC messages) of the script (as recorded in the document),

– cookies (names and values only) indexed with the document’s domain, except for httpOnly cookies,

– localStorage data for the document’s origin,

– sessionStorage data that is indexed with the document’s origin and the reference of the document’s top-level window,

– identities of the browser, and

– secrets indexed with the document’s origin.

Now, according to the definition of scripts, the script outputs a term. The browser expects terms of the form

⟨state, cookies, localStorage, sessionStorage, cmd⟩

(and otherwise ignores the output) where state is an arbitrary term describing the new state of the script, cookies is a sequence of name/value pairs, localStorage and sessionStorage are arbitrary terms, and cmd is a term which is interpreted as a command to be processed by the browser. The old state of the script recorded in the document is replaced by the new one (state), the local/session storage data recorded in the browser for the document’s origin (and top-level window reference) is replaced by localStorage/sessionStorage, and the old cookie store of the document’s origin is updated using cookies in the same way as for Set-Cookie headers in HTTP(S) responses, except that now no httpOnly cookies can be set or replaced, as defined in [RFC6265]. For details, see Line 12 of Algorithm A.8 and Definition 46 in Appendix A.

¹³ We over-approximate here: In real-world browsers, only a limited set of window handles are available to a script. Our approach is motivated by the fact that in some cases windows can be navigated by names (without a handle). However, as we will see, specific restrictions for navigating windows and accessing/changing their data apply.
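The two cookie rules above (a script only sees names and values of non-httpOnly cookies, and the cookies it writes back can neither create nor replace an httpOnly cookie) as an added, runnable illustration. This is example code written for this page, not the paper's formalization: the store layout, the field names and the shop.example scenario are a constructed encoding of my own, and the behaviour follows the non-HTTP-API rules of RFC 6265 that the text refers to.

```javascript
// Cookie store: Map from domain -> array of { name, value, secure, session, httpOnly }.
// (Own encoding; the paper's cookie terms are not reproduced here.)
function makeStore() {
  return new Map();
}

// The cookie view handed to a script: names and values only, httpOnly cookies omitted.
function cookiesVisibleToScript(store, domain) {
  return (store.get(domain) || [])
    .filter((c) => !c.httpOnly)
    .map((c) => ({ name: c.name, value: c.value }));
}

// Apply the `cookies` component of a script's output term. Per RFC 6265 a cookie
// written through a non-HTTP API is ignored if it carries the httpOnly flag, and an
// existing httpOnly cookie of the same name is never replaced.
// Returns the names that were actually stored.
function applyScriptCookies(store, domain, scriptCookies) {
  const jar = (store.get(domain) || []).slice();
  const stored = [];
  for (const c of scriptCookies) {
    if (c.httpOnly) continue;                       // scripts cannot set httpOnly cookies
    const idx = jar.findIndex((e) => e.name === c.name);
    if (idx >= 0 && jar[idx].httpOnly) continue;    // ...nor replace an existing one
    const entry = {
      name: c.name,
      value: c.value,
      secure: Boolean(c.secure),
      session: c.session === undefined ? true : Boolean(c.session),
      httpOnly: false,
    };
    if (idx >= 0) jar[idx] = entry; else jar.push(entry);
    stored.push(c.name);
  }
  store.set(domain, jar);
  return stored;
}

// Look up one cookie entry (used by the scenario below).
function getCookie(store, domain, name) {
  return (store.get(domain) || []).find((c) => c.name === name);
}

// Constructed scenario: the server set an httpOnly session cookie and a plain
// preference cookie via Set-Cookie; a script then tries to overwrite both and to
// create a new httpOnly cookie.
function demo() {
  const store = makeStore();
  store.set('shop.example', [
    { name: 'sid', value: 'n1', secure: true, session: true, httpOnly: true },
    { name: 'theme', value: 'light', secure: false, session: false, httpOnly: false },
  ]);
  const visible = cookiesVisibleToScript(store, 'shop.example');   // only `theme`
  const stored = applyScriptCookies(store, 'shop.example', [
    { name: 'sid', value: 'attacker' },               // rejected: existing cookie is httpOnly
    { name: 'theme', value: 'dark' },                  // replaced
    { name: 'tracker', value: '1', httpOnly: true },   // rejected: script cannot set httpOnly
    { name: 'cart', value: 'abc', secure: true },      // new cookie
  ]);
  return { store, visible, stored };
}
```

The point for a practitioner: marking the session cookie httpOnly protects it in both directions of this interface. A script (including injected script) neither reads `sid` from the view it is given nor overwrites it, while ordinary cookies such as `theme` remain fully script-writable.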

Subsequently, cmd (if not empty) is interpreted by the browser as described next. For most commands, the browser expects additional parameters.

cmd = HREF: (Parameters: URL, window reference, and a flag indicating whether the Referer header should be suppressed.) A new GET request to the given URL is initiated. If the window reference is BLANK, the response to the request will be shown in a new auxiliary window. This new window will carry the reference to its opener, namely the reference to the window in which the script was running. Otherwise, if the window reference is not BLANK, the corresponding window is navigated (upon receipt of the response and only if it is active) to the given URL.

Navigation of windows is subject to several restrictions. We closely follow the rules defined in [Ber+17], Subsection 5.1.4: A window A can navigate a window B if the active documents of both are same origin, or B is an ancestor window of A and B is a top-level window, or if there is an ancestor window of B whose active document has the same origin as the active document of A (including A itself). Additionally, A may navigate B if B is an auxiliary window and A is allowed to navigate the opener of B.
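The navigation rule just stated, written out as a checkable function over a constructed window tree. This is an added example, not the paper's formal definition or [Ber+17]'s text: the window records, the origin strings and the a.example/b.example scenario are my own encoding, and auxiliary windows are represented as top-level windows with a non-null opener.

```javascript
// A window record: { ref, origin, parent, opener }. parent and opener are refs or null.
// Top-level windows have parent === null; auxiliary windows are top-level windows
// with an opener. (Own encoding for this example.)
function ancestorsOf(windows, ref) {
  const out = [];
  let cur = windows.get(ref).parent;
  while (cur !== null) {
    out.push(cur);
    cur = windows.get(cur).parent;
  }
  return out;
}

function isTopLevel(windows, ref) {
  return windows.get(ref).parent === null;
}

// May window a navigate window b? Each branch is one clause of the rule in the text.
function canNavigate(windows, a, b, seen = new Set()) {
  if (seen.has(b)) return false;              // guards against opener cycles in bad input
  seen.add(b);
  const wa = windows.get(a);
  const wb = windows.get(b);
  // (1) the active documents of a and b are same origin
  if (wa.origin === wb.origin) return true;
  // (2) b is an ancestor of a and b is a top-level window
  if (ancestorsOf(windows, a).includes(b) && isTopLevel(windows, b)) return true;
  // (3) some ancestor of b has an active document with a's origin (a itself may be it)
  if (ancestorsOf(windows, b).some((r) => windows.get(r).origin === wa.origin)) return true;
  // (4) b is auxiliary and a may navigate b's opener
  if (wb.opener !== null && isTopLevel(windows, b)) {
    return canNavigate(windows, a, wb.opener, seen);
  }
  return false;
}

// Constructed scenario: https://a.example embeds https://b.example, which embeds
// https://c.example; the c.example frame opened a popup at https://d.example.
// A second frame, https://e.example, sits directly under the top-level window.
function buildScenario() {
  const w = new Map();
  const add = (ref, origin, parent, opener) => w.set(ref, { ref, origin, parent, opener });
  add('T', 'https://a.example', null, null);
  add('F1', 'https://b.example', 'T', null);
  add('F2', 'https://c.example', 'F1', null);
  add('G', 'https://e.example', 'T', null);
  add('P', 'https://d.example', null, 'F2');
  return w;
}
```

Running the checks on this tree shows the asymmetry that matters for security: the doubly nested frame F2 may navigate the top-level window T (clause 2, the basis of frame-busting), but not its immediate parent F1, and the unrelated sibling frame G may navigate neither F2 nor the popup P that F2 opened, while T, as F2's ancestor, may navigate both.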

cmd = IFRAME: (Parameters: URL, window reference.) Provided that the active document in the referenced window is same origin, create a new subwindow in that document and initiate an HTTP GET request to the given URL for that subwindow.

cmd = FORM: (Parameters: URL, method, form data, window reference.) Initiate a new request using the specified method for the given URL. If the method is GET, the form data is transferred as URL parameters, otherwise it is put in the request’s body. The window reference determines, just like in the case of HREF, in which window the response is shown. Again the same restrictions for navigating other windows as in the case of HREF apply. For this request an Origin header is set if the method is POST. Its value is the origin of the document.

cmd = SETSCRIPT: (Parameters: window reference, script name.) Replace the script of the active document in the referenced window by the script with the given name, provided that the active document in that window is same origin.

cmd = SETSCRIPTSTATE: (Parameters: window reference, term.) Change the state of the script of the active document in the referenced window to the given term, provided that the active document in the window is same origin.

cmd = XMLHTTPREQUEST: (Parameters: URL, method, data, XMLHttpRequest reference.) Initiate a request with the given method and data to the given URL, provided that the URL is same origin and the method is not CONNECT, TRACE, or TRACK.¹⁴ The Origin header is set as in the case of FORM.

¹⁴ These methods are forbidden to prevent certain attacks, in accordance with [Fetch].

cmd = BACK or FORWARD: (Parameter: window reference.) Replace the active document in the given window by its predecessor/successor in the window’s history.¹⁵ Again, the same restrictions for navigating windows as in the case of HREF apply.

cmd = CLOSE: (Parameter: window reference.) Close the given window, i.e., remove it from the list of windows in which it is contained. The same restrictions for navigating windows as in the case of HREF apply.

cmd = POSTMESSAGE: (Parameters: message, window reference, origin.) The message, the origin of the sending document, and a reference to its window are appended to the input history of the active document in the given window, unless that document’s origin does not match the given origin (and the given origin is not ⊥).
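The POSTMESSAGE rule as an added, runnable illustration of both halves of the check: the browser-side target-origin filter described above, and the receiver-side check on the recorded sender origin that a script must perform itself, since the browser only records that origin in the input history. This is example code written for this page, not the paper's model or the DOM API: the document records, the `BOTTOM` constant standing for ⊥, and the app/idp/evil scenario are my own constructed encoding.

```javascript
const BOTTOM = null; // stands for ⊥: no restriction on the target's origin

// documents: Map ref -> { origin, scriptInputs: [] }, one per active document.
// Returns true if the message was appended to the target's input history.
function postMessage(documents, senderRef, targetRef, message, targetOrigin) {
  const sender = documents.get(senderRef);
  const target = documents.get(targetRef);
  if (targetOrigin !== BOTTOM && target.origin !== targetOrigin) {
    return false; // the browser drops the message: target's origin does not match
  }
  target.scriptInputs.push({
    message,
    senderOrigin: sender.origin,   // recorded by the browser, not chosen by the sender
    senderWindow: senderRef,
  });
  return true;
}

// The receiver's side: a script that only acts on inputs from the origin it expects.
function acceptedMessages(documents, ref, trustedOrigin) {
  return documents
    .get(ref)
    .scriptInputs.filter((i) => i.senderOrigin === trustedOrigin)
    .map((i) => i.message);
}

// Constructed scenario: an identity provider window hands a token to an
// application window, while an attacker-controlled window is also open.
function scenario() {
  const docs = new Map();
  docs.set('APP', { origin: 'https://app.example', scriptInputs: [] });
  docs.set('IDP', { origin: 'https://idp.example', scriptInputs: [] });
  docs.set('EVIL', { origin: 'https://evil.example', scriptInputs: [] });
  const results = {
    // target origin given and matching: delivered
    exact: postMessage(docs, 'IDP', 'APP', 'token=t1', 'https://app.example'),
    // target origin given but the window now holds evil.example: dropped
    mismatch: postMessage(docs, 'IDP', 'EVIL', 'token=t2', 'https://app.example'),
    // ⊥ (the "*" of the real API): delivered to whatever document is in the window
    wildcard: postMessage(docs, 'IDP', 'EVIL', 'token=t3', BOTTOM),
    // the attacker can always send; only the receiver's origin check stops this
    spoof: postMessage(docs, 'EVIL', 'APP', 'token=forged', 'https://app.example'),
  };
  return { docs, results };
}
```

Two consequences are visible in the scenario. Sending with ⊥ delivers the token to whichever document currently occupies the target window, which after a navigation may be the attacker's; and the target-origin check says nothing about who sent a message, so the application must filter its input history by the recorded sender origin, as `acceptedMessages` does.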

cmd = WS OPEN: (Parameters: URL, WebSocket reference.) Create a new WebSocket connection to the given URL, identified by the given WebSocket reference.

cmd = WS SEND: (Parameters: WebSocket reference, data.) Send data in a WebSocket message over an already established WebSocket connection (identified by the WebSocket reference).

cmd = RTC ∗: We present the commands for WebRTC connection establishment separately in Section 2.12.

The script execution ends after the interpretation of the command.